rsync - Apr 2026 - rsync readonly mode?

Rsync doesn't have a --readonly switch.  Maybe you have a version with a 
patch?

I didn't mean that almost nobody uses the read only option in 
rsyncd.conf.  I meant that almost nobody uses rsyncd at all.  Publishing 
publicly available read only repositories is one of the things it is 
still used for.

Rsync over ssh isn't just about encryption it is also about the far 
superior authentication capabilities of ssh.  Like ssh keys. This is 
especially important when rsyncing as root for system backups.

On 4/10/26 09:21, G.W. Haywood via rsync wrote:
> Hello again,
> 
> On Thu, 9 Apr 2026, Kevin Korb via rsync wrote:
>> On 2026-04-09 10:29, G.W. Haywood via rsync wrote:
>> > On Thu, 9 Apr 2026, RolandK via rsync wrote:
>> > > > ...
>> > > ...
>> > > wouldn't it be an interesting idea to have some
feature/switch in
>> > > rsync, which can globally (on a per host basis) turn rsync
>> > > into "read-only" mode, i.e. which makes rsync
binary drop any
>> > > capability of using write/modify/delete syscalls ?
>> > > ...
>> > > ...
>> > > 1. Does the (default) "read only" module parameter
not suffice?
>> > > 2. Isn't the usual way to achieve the same global effect
simply to
>> run
>> > the utlilty under a UID that has no write permissions?
>> >
>>
>> Rsync doesn't have a read-only mode.? Rsyncd does but almost nobody
>> uses that.
> 
> Curious that almost nobody should be using it, it's in pretty much
> all of my rsyncd.conf files.? Is there any particular reason why it
> should be so little used?? Would you also conclude that almost nobody
> would use rsync's new --readonly switch?
> 
>> This person is specifically using rsync over ssh not rsyncd.
> 
> Yes, I noticed that.? I almost never use rsync over ssh.? If it's a
> remote connection I rely on OpenVPN.? The encryption overhead can be
> off-loaded to other boxes that way too.
> 
>> Yes, running as a user that can only read files is an excellent
>> solution.? However, this is about full system backups which likely
>> contain files that only root can read.? Sure, some --fake-super
>> trickery could be done but rrsync -ro is easier.
> 
> 3. mount -o bind,ro / /mnt/fake-readonly-root
> 
> ?
> 
> Just trying to help. :)
>

On Fri 10 Apr 2026, Kevin Korb via rsync wrote:
> 
> I didn't mean that almost nobody uses the read only option in
rsyncd.conf.
> I meant that almost nobody uses rsyncd at all.  Publishing publicly
> available read only repositories is one of the things it is still used for.
I use it extensively for backups in our "private cloud" network, and 
elsewhere, together with appropriate firewall rules.
I trust rsyncd with appropriate "hosts allow", "uid" and
"read only =
yes" in de modules definitions more than hoping that no one ever makes 
an error in locking down root ssh access.
> Rsync over ssh isn't just about encryption it is also about the far
superior
> authentication capabilities of ssh.  Like ssh keys. This is especially
> important when rsyncing as root for system backups.
FWIW the (admittedly) simplistic rsync authentication can add a bit more 
security to an rsyncd setup.


Paul